To be fair, antivirus products do occasionally catch viruses. But, in the process of doing so, their very approach to malware removal can open the door to hackers (a much bigger problem to deal with).

How can the antivirus process let hackers in? Consider Norton again as an example. Norton scans emails as part of its malware removal process. However, a bug in its email scanning process can be triggered by hackers simply by sending an intentionally corrupt email.

It’s important to note: the user doesn’t need to open the email. On the contrary, Norton automatically opens the email to scan it, opening the backdoor for the hackers without any user interaction required:

“Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.” — US Department of Homeland Security: Alert (TA16-187A)

In fact, Norton Antivirus was even open to remotely triggered memory corruption when scanning simple RAR files, a very common type of file used for compression (Federal Alert TA16-187A).

Normally, if a company opens the doors to hackers while promoting security, that company would be called a “scam.” But when you’re the largest security company on the planet, you can continue charging billions per year despite the most severe warnings possible from the highest authorities in the land.

Traditional antivirus and firewalls have an unfixable Achilles heel. What is this unfixable Achilles heel? What’s the alternative to traditional antivirus and firewalls? Why does this alternative succeed where traditional methods fail? All of these questions will be answered in upcoming blog posts.